Return-Path: 
 <tomcat-user-return-42165-apmail-jakarta-tomcat-user-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org
Received: (qmail 42250 invoked by uid 500); 24 Jul 2001 16:09:35 -0000
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
Reply-To: tomcat-user@jakarta.apache.org
list-help: <mailto:tomcat-user-help@jakarta.apache.org>
list-unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
list-post: <mailto:tomcat-user@jakarta.apache.org>
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 42243 invoked from network); 24 Jul 2001 16:09:35 -0000
Received: from unknown (HELO wtsrv01.GETABSTRACT.COM) (195.94.39.130)
  by h31.sny.collab.net with SMTP; 24 Jul 2001 16:09:35 -0000
Received: by WTSRV01 with Internet Mail Service (5.5.2653.19)
	id <PQ979RZQ>; Tue, 24 Jul 2001 18:07:13 +0200
Message-ID: <BBF8D6C3AACDD31181C2009027E7005C42F373@WTSRV01>
From: Brigger Patrick <Patrick.Brigger@GETABSTRACT.com>
To: "'tomcat-user@jakarta.apache.org'" <tomcat-user@jakarta.apache.org>
Subject: RE: keeping sessions when switching from http to https
Date: Tue, 24 Jul 2001 18:07:06 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
X-Spam-Rating: h31.sny.collab.net 1.6.2 0/1000/N

This is for use in an e-commerece application. The customer puts items in
his shopping basket. When he decides to purchase, the login and credit card
input pages are under https. Therefore, I need to establish a session under
http and carry it over to https! 

This works perfectly fine using JServ (real life example:
www.getabstract.com). I am surprised to find out that I should be the first
one who needs this using Tomcat!(?). Any real-life e-shop application will
face this requirement. Has really nobody done this before?

Thanks for the answer, anyway.

Pat

-----Original Message-----
From: Wyn Easton [mailto:wyneaston@yahoo.com]
Sent: Dienstag, 24. Juli 2001 15:17
To: tomcat-user@jakarta.apache.org
Subject: Re: keeping sessions when switching from http to https


What if you don't create the session until you switch
to https?

A session is pinned to a domain. The domain includes
the scheme (http or https) so when you switch from
http to https you will loose your session. Also the
port number will change, which changes the domain.


--- Brigger Patrick <Patrick.Brigger@GETABSTRACT.com>
wrote:
> Hi,
> 
> Without cookies, I loose my session object when
> switching from http to https
> using encodeUrl. Can anyone help? 
> Otherwise, it makes Tomcat really useless in real
> life applications, where
> it is absolutely necessary to support customers that
> have cookies disabled.
> 
> Thanks,
> 
> Pat


__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/